Tag Archives: ransomware

The Case for Cloud Computing

Insurers must regain competitive ground in the digital race for the customer, and all roads that make sense … lead to cloud adoption.

Growing ransomware attacks should be the weight that tips the scales. T-Mobile was breached just recently. Half of its customers (105 million) now have their Social Security numbers, names and birthdates exposed. The information is already up for sale. Last year, insurers and healthcare systems were hacked in greater numbers. Ransomware victims across all industries paid out $370 million in cryptocurrency in 2020, 336% more than in 2019.

Vigilance in cybersecurity requires a different approach

Cybersecurity is not optional. It is table stakes. The issue is no longer all about keeping the data and systems safe. It is about looking out for and being able to nip potential vulnerabilities and hackers in the bud, before the hack actually happens. Vigilance is not reactive, it is proactive.

Pre-cloud security matched pre-cloud threats.

It used to be that the typical trajectory of a security exercise within a company would be periodic business continuity and disaster recovery checks. You might also have audits that are mandated by a public service organization or you might have specific customers that request to be in conformance with SOC audits, etc.

That type of security practice has spun 180 degrees. What changed?

Anyone can hack now.

The increasing consumerization and democratization of data and technology tools has made nearly every citizen in the world a potential hacker. Any interested party with a high IQ is potentially someone who can hack into your systems. The new urgency and vigilance is no longer about conforming to audits, conducting periodic checks or conforming to state or public-sector-driven regulations. It’s about continually being secure by examining your own insecurity. Cybersecurity is an enabler to doing business.


The frequency of hack-possible events is making security far more complex.

Insurers and vendors all have security measures in place. But cyber hackers are twice as fast at breaking solutions as the solution providers are at updating their security tools. This makes cybersecurity a process rather than an event-driven initiative. Hackers have also improved in their ability to handle complexity. Where hacks come from and who can be a perpetrator is always expanding. Corporate security teams are doing their best, yet they are still sometimes scratching their heads, asking themselves, “Just which part of our data and systems do we protect?” And the answer, of course, is “all” and “everything.” Nothing is truly safe. Cybersecurity is no longer a point-in-time exercise, and it has to cover every part of your data and platform framework.

Answer = Cloud

Public cloud vendors answer these two related problems: expansion of the hacker community and the increasing complexity of protecting against hacking events. With public clouds, the large cloud vendor is doing the job of security for all of us — proactively taking responsibility for their customers.

Microsoft Azure is a great example. Microsoft invests more than $1 billion annually in cybersecurity research and development for Azure alone. This doesn’t include Microsoft Office or any of their own products. Microsoft Azure has more than 3,500 dedicated security experts. Their job, day in and day out, is to counsel their customers and close gaps. “Here is how well-designed your technology stack is against cybersecurity, and this is what Azure can do for you.”

With the cloud, security is job zero

If an insurer gets one takeaway from this blog, it should be this: Cybersecurity is job zero. It is not an add-on.

When we talk about securing a customer’s stack, there are six key things that we should do for them. These principles are universally adhered to:

  1. We implement a strong security foundation. We must begin with role access. No matter who you are, your role is given only a certain sphere of access, and that is all you can access. As a cloud software vendor, we ensure that level of identity foundation.
  2. Ensuring traceability. A traditional issue in security was that, until three or four years ago, when hacks happened, it could take months for companies to figure out the root cause. What was hacked? What was the precise level of leakage, especially in insurance companies? The delay in understanding could lead to billions of dollars in loss. Ensuring traceability, which includes monitoring, alerting and auditing of actions and changes to your environment, happens in the cloud in real time. You don’t need to wait two months for some IT guy to get into the old logs and figure out what has been lost or hacked. Your systems have real-time traceability.
  3. Security must be applied on all layers. When you consider an organizational stack that resides in the cloud, that includes a client’s network, their servers, their websites, their applications and databases. Everything is now in the cloud. When we say that we manage their security, we apply security at all of these layers as well. We aren’t just securing their database or their front end.
  4. Data must be protected both in transit and at rest. This is a modern, cloud-driven cybersecurity attribute. If you think of a traditional insurance organization, volumes of data are stored in their archival systems, such as their legacy administration and billing systems. This is data at rest. But an incredible amount of data is in constant transfer between the insurer and brokers or the insurer and customers. That is data in transit. What a cloud-native environment does is to protect data both in transit and at rest.
  5. Least-privilege access. This is a logistics issue related to role-based access. Another traditional problem within internal IT shops has been that there is not always transparency if an employee leaves or is fired. HR may take 24 hours before notifying IT. IT takes two hours to deactivate that person’s access from the respective systems. By this time, security has already been compromised. All cloud systems function on a different principle — the principle of least access privilege. A person only has access to the portion of the system that they are supposed to touch. There is no universal access. The CFO doesn’t automatically get access to everything. Cloud security functions on the basis of least access privilege. If a person needs greater access, they have to ask for it and gain permission before it is granted. This is a paradigm shift in security that the cloud has brought about.
  6. Security guidance through the well-architected playbook. Let’s say that your organization moves to the cloud to improve their digital presence and manage their data more effectively and to save additional expense. What you’re getting is so much more than that, though. Integrated security is the “value-add.” You’re receiving protective security and security expertise. This is life in the cloud. When you sign up, you get measured for how secure your full system is. The playbook has security design principles that will allow you to measure your system security. “Here’s how well-designed your systems are, based on key design principles. Here are some gaps that you need to fix.” The playbook also provides things like incident response simulations. It has investigation policies and processes available as templates. It is a ready-to-use “security cookbook” supported by subject-matter experts. It is less prescriptive and more actionable. “Here’s where you are. Here is what needs to happen for you to get where you need to be.”

And if that’s not enough…there’s the financial picture

Cybersecurity costs money. If you are investing in internal security, you will likely spend more than if you are letting your environment be managed as a cloud-native environment where security is a part of the solution. The cloud hands you cost avoidance as a part of your business case or return on investment. The cloud provider is taking on this responsibility. This is intentional cost-avoidance on the part of the insurer.

In data-intensive organizations, such as financial, healthcare or insurance organizations, there is a significant amount of leakage every year due to security breaches. These aren’t necessarily data thefts; they are losses that are just eliminated by the cloud. The razor-sharp, stringent data security mechanisms that are in place for cybersecurity naturally fix other data leakage issues. This is an unintentional cost-avoidance, but it happens nonetheless.

Which brings us to our last point. The same real-time monitoring that can be used for security purposes will even help insurers to adopt better real-time monitoring for any issue. If you extend the concept, moving to the cloud forces the organization to whip its data and processes into shape enough to migrate, then the cloud takes over. The simple process of preparation is a beneficial exercise. Every aspect of cloud migration makes an excellent case for doing it now.


For a broader look at many of the key benefits of cloud adoption, be sure to view the Majesco and Microsoft webinar, New Normal: The Catalyst for Cloud Adoption, or read Denise Garth’s interview/blog with Manish Shah, President and Chief Product Officer, Majesco, and Jonathan Silverman, Director of Insurance Industry Solutions, Microsoft, titled Majesco CloudInsurer Plus Microsoft Azure: A True Insurance SaaS Platform.

How to Stop Ransomware

When notorious criminal John Dillinger was asked during the Depression why he robbed banks, he famously replied: “Because that’s where the money is.” That simple observation may offer an answer to the surge of ransomware.

Even as companies struggle to strengthen their protections against hackers, we can target ransomware payments in some quite straightforward ways — and, if the criminals can’t get their money, what’s the point in hacking?

As this essay in the New York Times argues, “The United States does not have a ransomware problem so much as it has an anonymous ransom problem. If we can change the payment system to make the kidnapping [of businesses] less profitable, we will go a long way toward a solution.”

The author, Paul Rosenzweig, a former senior official in the Department of Homeland Security, says 95% to 98% of criminals involved in kidnapping people for ransom are caught and convicted, partly because they can be identified when the transfer of money occurs. By contrast, hackers demand ransom in cryptocurrency, which, as of now, is extremely hard to trace.

Rosenzweig argues that the U.S. government could simply “adopt and enforce regulations for the cryptocurrency industry that are equivalent to those that govern the traditional banking industry. Cryptocurrency exchanges, ‘kiosks’ and trading ‘desks’ are not complying with laws that target money laundering, financing of terrorism and suspicious-activity reporting….

“For example, some cryptocurrency services offer a ‘tumbler’ feature. Tumblers take cryptocurrencies from many sources, mix them up and then redistribute them, making financial transactions harder to trace. This practice looks like money laundering and would be illegal in the nonvirtual world.”

Even though countries like Russia will probably continue to offer safe havens for ransomware thieves, the U.S. can take unilateral action and “refuse access to [the U.S. banking system] by cryptocurrency exchanges unless they demonstrate that they are equipped and prepared to prevent ransomware payoffs…. To be fully valuable, digital currency must also be convertible to cash, so the exchanges would have a strong incentive to comply.”

The U.S. could also require foreign banks to “impose stricter regulations on cryptocurrency. Because access to the American financial market is vitally important to foreign banks, they, too, would have a strong incentive to comply.”

There has been at least a bit of precedent for tracking and recovering the cryptocurrency used to pay corporate ransoms — after hackers shut down Colonial Pipeline in early May and were paid a ransom in Bitcoin that was valued at $4.4 million at the time, authorities recovered 85% of the Bitcoins.

There is also precedent for blocking illegal activities by cutting off access to the banking system. I saw an instance up close and personal in the mid-2000s when I was working on a book project with one of the world’s top poker players. He was involved in one of a series of high-profile efforts to take the popularity of poker on cable-TV and leverage it to build a massive online gambling site. While online gambling was illegal in the U.S., plenty of jurisdictions in the Caribbean were willing to host the site. Then the U.S. enacted a law that imposed major penalties on any U.S. bank that handled transactions for online gambling sites. And that was that. All the attempts at building national online poker sites shriveled up and died.

I suspect that companies and their insurers will still bear the brunt of ransomware for some time to come. Companies will need to shore up their defenses, with advice that insurers have developed by working with many clients across multiple industries and with technology companies that are working to stay one step ahead of the hackers. But aggressive action by the federal government could reduce ransomware significantly by going after the flows of money.

I look forward to the day when someone writes an article declaring the end of this scourge. I even have a headline in mind:

“Ransomware: Where the Money Isn’t.”



Boosting Cyber Hygiene With Insurtech

Thanks to large-scale ransomware attacks on technology providers like Kaseya, everyone involved — from cybersecurity practitioners to the business leaders who hire them, and from local policymakers to the White House — is thinking about how to reduce risk across the board. As cyber attacks grow in quantity and complexity, hurting downstream customers and interrupting business continuity, organizations need to take the right steps to implement proper security controls. 

Before, in-house security teams at organizations were scarcely involved with cyber insurers (if the organization had a cyber insurance policy at all). But in the face of an intensifying threat landscape, policyholders, brokers and insurers are working together to find solutions that benefit everyone involved. This newfound collaboration is enabled by technologies and solutions developed by insurtechs, taking the form of data-driven approaches to underwriting and more efficient implementation of best practices, thanks to up-to-the-moment data on security postures gathered by insurers and shared with brokers and policyholders. 

Let’s look at a few of the ways that insurers, brokers and policyholders are working together to improve security. 

Giving Policyholders Incentives to Adopt Better Controls

Policyholders should be encouraged to implement better cyber defense. Today, cyber insurers are looking for a new baseline of controls, which commonly includes multi-factor authentication (MFA), endpoint detection and response (EDR) and acceptable backup planning and strategy.

  1. MFA is an authentication method that requires the user to provide two or more credentials to gain access to an account. Rather than just asking for a username and password, MFA requires one or more additional verification factors unique to the individual, which decreases the likelihood of a successful cyber attack. Insurers want to see MFA for access to email, remote access to the network and administrator-level access, as it will help thwart or at least slow down an attacker. While a determined threat actor may find a way around MFA, a company without MFA in use is low-hanging fruit.
  2. Assuming a skilled threat actor does find a way in, EDR tools can provide an extra layer of threat identification and protection. They have all the benefits of regular antivirus software but go beyond just looking for known indicators of compromise. EDR tools can also identify anomalous user behavior on the endpoint and flag it as suspicious. And if implemented properly, the tools can potentially prevent ransomware from deploying fully. These tools may also have important activity data that forensics investigators can use to determine what the threat actor did in the system and data recovery functions that help a company get back up and running faster. Insurers are increasingly asking about EDR as a control, given it can at least lessen the impact of ransomware incidents. 
  3. In connection with efficient data recovery, solid backup strategy and documentation of a disaster recovery or business continuity plan will help provide peace of mind to policyholders that they are prepared for the worst-case scenario. Security protocols that include immutable backups (a backup that is read-only and cannot be altered or deleted by anyone, including an administrator at the company) are often supported by top-tier cloud backup solutions, marking another important consideration for policyholder investments. Gone are the days where backing up to a separate server is sufficient. Many organizations are moving their backup solutions to the cloud or adopting a hybrid model for this very reason — but it’s how you protect those cloud backups that is key. Organizations need to invest in a solution that will prevent internal members from making changes to backups, because a threat actor that steals their credentials will attempt to access and delete backups as a way to force an organization’s hand at paying.

To fully harness the power of these protective tools, there are two main ways to encourage policyholder usage: fair pricing and education. The cost of cloud backup solutions and EDR tools has come down significantly in recent years, meaning these tools are no longer cost-prohibitive for most companies. For insurers, providing additional discounts on top of already reasonable pricing can be what pushes an organization over to compliance. The greater challenge is in prioritizing what controls to implement and identifying the right vendor (there’s a lot of noise out there!). This is where education can be key and where cyber insurers and brokers can step in to recommend solid partners and solutions.


Enable Underwriters With Tech for Increased Visibility 

Cyber underwriters have traditionally relied on application questions, emails and underwriting calls for larger accounts to obtain cybersecurity information to underwrite an account. Insurtech in cyber insurance empowers underwriters with additional data points about a risk’s posture so they can take a data-driven approach to underwriting.

The ability to scan for threats, and identify risk levels based on existing data, enables underwriters to identify vulnerabilities and build a more meaningful analysis. While there’s no tech-enabled replacement for an experienced underwriter, being able to gain insight into an organization’s IT infrastructure to discover common risk factors (some they may not even be aware of) can streamline the process. The applicant is able to mitigate risk and improve cyber hygiene, which gives the underwriter the additional confidence to move forward. 

In the end, thanks to tech-enabled underwriting, the result is an insured organization. Given the current risk environment and hard market for cyber insurance, we can confidently say that, without the ability to pinpoint risk factors at an individual account level, far more insurers and their underwriters would have further clamped down on cyber limits, increased rates and perhaps exited the market entirely — meaning insurance would be inaccessible for most, if available at all.

Standardize a Threat Response

Cyber insurers and brokers can work with existing policyholders to identify new, active threats during the policy term and support them in their response. 

Once a policyholder is identified as at-risk, tech-enabled cyber insurance providers can consistently monitor the situation and communicate clearly, concisely and quickly about what’s happening. As more information becomes available, it is critical to not only alert the right people but provide extra context around the vulnerability, what the risk is if they don’t patch it and the steps needed to resolve it. This should be done in a way so that all types of team members (in addition to IT professionals) can understand the criticality and communicate it to the right stakeholders for resolution. 


Another method to support policyholders is to weave in prioritized cybersecurity recommendations. At Corvus, our “vCISO,” or virtual CISO, guidance is one way we help policyholders take a stance against threats. This starts with a short security assessment, and pairing of the responses with scan findings that provide the policyholder with a prioritized list of cybersecurity recommendations and resources to help them implement controls or remediate vulnerabilities. This type of consistent, close collaboration is core to the cybersecurity approach that modern insurtech providers are taking to make an enduring impact on risk, rather than checking off a few boxes at the point of underwriting and renewal. 

To boost digital resilience and strengthen cyber hygiene against outside threats, policyholders need to have both the context for why certain security controls are so crucial, as well as the ability to adequately implement them within their organization. Insurers and brokers play a pivotal role in guiding policyholders to make the best decisions to limit their risk, and solutions developed by insurtechs help get the process off the ground with data-backed guidance. As cyber attacks evolve, so will protection strategies — and the sooner companies adopt supporting technologies the easier it will be to get on the same playing field as cybercriminals.

Collective Response to Data Resiliency

Ransomware cyber insurance policies are perceived as having high deductibles and low ceilings. In other words, costs are seen as misaligned with the risks and coverage needs of insureds.

Many insurance companies have adopted a conservative approach toward ransomware premiums out of fear of a cyber insurance “hurricane” where, due to correlated risks and virtually unlimited liability, insurers could be overwhelmed by claims covering cyber-extortion payments, forensics, recovery and data loss and legal expenses.

Exposure has led to premium increases, and some carriers now sub-limit policies with fixed caps on recompense. Mechanisms such as co-insurance demonstrate a mindset of risk-sharing, but a more efficient cyber insurance marketplace demands a broader understanding of shared risk.

Ransomware attacks are felt beyond the targets, with pain spread across the global economy. Cyber insurance offers financial stability. Brokers, actuaries, auditors and other stakeholders should expect reasonable, documented assurances that insureds are making rational investment decisions concerning risk management.

This requires greater cooperation among insurance companies, policyholders and private industry — including technology vendors. Disclosure and documentation, internal network and ransomware data resilience controls and information sharing are areas where we can and should work more closely. This is the way to ensure individual pricing suits the size and scale of risk for both insurers and insureds.

Shared responsibility for data resiliency

An aggressive cybersecurity posture must include forward-thinking strategies toward ransomware. It is in the interests of each of us to disrupt the cyber-extortion business model and eliminate its source of profits.

Ransomware variants are not monolithic. A cooperative response requires a joint analysis of both new and emerging threats, as well as the technologies that ensure security controls are in place and effectively applied.

Altogether, technology is shifting the paradigm. It is effective at early ransomware detection, and software can automatically shut down attacks to minimize the damage. However, while historical capital expenditures have been focused on perimeter and endpoint protection, effectiveness has proven incomplete.


Data immutability provides a more complete resiliency model. Maintaining clean datasets that are more readily restored, minimizing loss and preserving data probity, means making data resilient to malicious encryption.

Global file systems, as an example, which in advanced applications offer wider unstructured data management capabilities, in some cases use immutable data architectures.

While immutable repositories resist tampering with data contents, that does not necessarily mean that the host platform cannot be compromised separately. Cybercriminals are adept at finding ways to disable data protection software and systems.

Conducting backups on a daily or weekly basis can help organizations better respond to a ransomware strike, but restoring from a backup almost always involves data loss. Strict data-backup procedures do not ensure that files cannot be encrypted, and moving backups offline results in an operational gap.

Additionally, even where backups are readily available, the time that such restoration will take is frequently underestimated. Because backups are a complete and incrementally produced copy of data, the size of the dataset is substantial, and it may take days or even weeks for clean copies to be restored.

Insurers, policyholders and technology makers should be aware that immutable approaches to data storage are particularly effective even in cases where ransomware can lie dormant in an IT environment, leading to backup of files containing malicious code, because they preserve a pristine data set.

Cloud-based immutable storage repositories, such as Panzura on Amazon AWS S3, which operates with an object-lock feature irrespective of whether the data is accessed, may not necessarily prevent an attack but maintain an unadulterated copy of data for use in a restore scenario.
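The immutable-backup control described here and in the baseline-controls list earlier (a backup that cannot be altered or deleted by anyone, including an administrator) can be checked against bucket settings. The following is an added example, not code from the article or from any vendor it names: it audits constructed configurations shaped like the responses of the S3 `GetBucketVersioning` and `GetObjectLockConfiguration` calls. The bucket names and the 30-day minimum retention are assumptions made for illustration.

```python
"""Audit backup buckets for immutability settings (constructed data, runs offline)."""

# Hypothetical policy threshold (an assumption, not from the article):
# shortest acceptable default retention for backup objects.
MIN_RETENTION_DAYS = 30

# Constructed sample input. Each entry mirrors the shape of the S3
# GetBucketVersioning and GetObjectLockConfiguration responses.
# "object_lock": None stands for a bucket with no Object Lock configuration.
SAMPLE_BUCKETS = {
    "backups-compliance": {
        "versioning": {"Status": "Enabled"},
        "object_lock": {"ObjectLockConfiguration": {
            "ObjectLockEnabled": "Enabled",
            "Rule": {"DefaultRetention": {"Mode": "COMPLIANCE", "Days": 90}}}},
    },
    "backups-governance": {
        "versioning": {"Status": "Enabled"},
        "object_lock": {"ObjectLockConfiguration": {
            "ObjectLockEnabled": "Enabled",
            "Rule": {"DefaultRetention": {"Mode": "GOVERNANCE", "Years": 1}}}},
    },
    "backups-short": {
        "versioning": {"Status": "Enabled"},
        "object_lock": {"ObjectLockConfiguration": {
            "ObjectLockEnabled": "Enabled",
            "Rule": {"DefaultRetention": {"Mode": "COMPLIANCE", "Days": 7}}}},
    },
    "backups-no-default": {
        "versioning": {"Status": "Enabled"},
        "object_lock": {"ObjectLockConfiguration": {"ObjectLockEnabled": "Enabled"}},
    },
    "backups-plain": {
        "versioning": {"Status": "Suspended"},
        "object_lock": None,
    },
}


def retention_days(default_retention):
    """Convert a DefaultRetention block (Days or Years) to days."""
    if "Days" in default_retention:
        return default_retention["Days"]
    if "Years" in default_retention:
        return default_retention["Years"] * 365
    return 0


def audit_bucket(cfg):
    """Return a list of findings; an empty list means the bucket passes."""
    findings = []

    # Object Lock works on object versions, so versioning must be on.
    if cfg.get("versioning", {}).get("Status") != "Enabled":
        findings.append("versioning-not-enabled")

    lock = (cfg.get("object_lock") or {}).get("ObjectLockConfiguration", {})
    if lock.get("ObjectLockEnabled") != "Enabled":
        findings.append("object-lock-disabled")
        return findings

    # Without a default rule, an object is only protected if the writer
    # sets retention on each upload, which a backup job may not do.
    default = lock.get("Rule", {}).get("DefaultRetention")
    if not default:
        findings.append("no-default-retention")
        return findings

    # GOVERNANCE mode can be overridden by a principal holding the
    # s3:BypassGovernanceRetention permission, so stolen admin credentials
    # may still delete backups. COMPLIANCE mode cannot be overridden by any
    # user until the retention period expires.
    if default.get("Mode") != "COMPLIANCE":
        findings.append("governance-mode-bypassable")

    if retention_days(default) < MIN_RETENTION_DAYS:
        findings.append("retention-too-short")

    return findings


def audit_all(buckets):
    """Audit every bucket and return {name: findings}."""
    return {name: audit_bucket(cfg) for name, cfg in sorted(buckets.items())}


if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE_BUCKETS).items():
        status = "PASS" if not findings else "FAIL: " + ", ".join(findings)
        print(f"{name:22s} {status}")
```
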

Best practices say that, should a primary object store be attacked through a security vulnerability, insureds should consider a split-write, or cloud mirror, to a second object store to ensure guaranteed data accessibility.

Collectively documenting data resilience

Research by the University of Kent and the Royal United Services Institute for Defence and Security Studies (RUSI) indicates the insurance sector is struggling to collect and share reliable cyber risk data that can inform underwriting. The report posits that more regulatory intervention may be necessary.

While there is a legitimate role for public agencies in the fight against ransomware, the time is now to take collective steps that will avoid the blunt lattice of regulation. Frameworks of agreement and cooperation among private industry are really the best cure.

The cyber-ecosystem is only as strong as its weakest link, and insurers can more thoroughly underwrite cyber insurance if they better understand the precautions that insureds must take to fend off ransomware attacks and back up their data resources.

Providing brokers and underwriters with better information calls for standardized certifications, enabling all parties to have a holistic view of what constitutes secure data. This should be based on a clear mapping of agreed protocols for defense and acceptable recovery parameters.


The insurance purchasing process itself requires an inward evaluation of security controls, and results in better understanding of the value and nature of data. For example, Panzura works with customers to provide a Statement of Ransomware Resilience, along with other types of documentation, which insurers can consider when determining premium pricing and coverage limits.

Consensus among insurers and technology vendors is necessary to define the form and function of the documentation. Acceptance should be a basis for negotiating rates that appropriately balance risk with the immutability and resilience of insured data and networks.

Sharing risk more equitably, we can build on responsible efforts by insurers to avoid a cyber insurance “hurricane.” Collective action will shield all organizations from infection and mitigate the damage of ransomware on the global economic landscape.

How Insurance Can Halt Ransomware

In 1975, the Argentine grain exporter Bunge & Born paid $60 million to free a kidnapped executive. That ransom payment remains the largest ever paid for a single person, but the case marked the beginning of the end for high-profile hostage events. The reason? Insurers began offering kidnap and ransom insurance. The policies not only promised to reimburse ransoms but helped corporations with needed resources such as crisis managers and negotiators to get hostages to safety and to keep ransom costs in check.

Today, major multinational corporations stare down a similar, if less physically tangible, threat. Ransomware is not just a form of cybercrime but a malevolent industry unto itself. With malware deployed to infiltrate networks and encrypt files, bad actors can essentially immobilize operations, create reputational damage and even physically harm people. More concerning, the bar has been lowered for entry with ransomware-as-a-service (RaaS). It no longer takes a skilled operator to carry out the attack—just bad intentions and access to a licensed service. 

Just as in the 1970s, criminals have seized an opportunity to exploit corporate wealth, and it will be up to the insurance industry to help modulate a situation that is spiraling out of control. In this new, digital version of the hostage crisis, the insurance industry is uniquely positioned to play a leadership role, de-escalate the panic, and again help global corporations rise above terrorism and fear.

An Evolving Threat Requires an Evolving Defense

Experts predict that a ransomware attack will occur every 11 seconds in 2021, with global damages from ransomware to hit $6 trillion. No sector is immune, which is why leading corporations joined to create The Ransomware Task Force, with Resilience serving as co-chair to help develop policy solutions for this growing scourge.

While public policy certainly has a role to play, cyber insurance can be more instrumental in effecting change on the ground. Cyber insurers have already become one of the most important drivers for cyber security, requiring policy holders to meet standards of care and providing resources that can help both guard against ransomware attacks and respond to them in a timely manner that saves money, protects data and avoids costly regulatory violations and other liabilities.


An Unfair Rap

Yet, some want to blame the escalating ransomware crisis on cyber insurance. Last year, the U.S. Department of Treasury’s Office of Foreign Assets Control (OFAC) stated in an official advisory that “companies that facilitate ransomware payments to cyber actors on behalf of victims…encourage future ransomware payment demands.” They included cyber insurance companies in their list of these facilitators and warned that ransom payments may “embolden cyber actors to engage in future attacks.” Instead of buying cyber insurance to manage and transfer the risk of ransomware, OFAC recommended that institutions wait to contact the relevant government agencies in the event of an attack. 

The focus on ransom payment facilitators distracts from the sources of cybercrime, how targets are chosen—rarely targeted for who they are but for their vulnerability—and the reasons these schemes are increasingly profitable. The rise of cryptocurrency, the mounting consequences of data leaks and last year’s sudden shift to work-from-home are all contributing to ransomware’s growth.

There is no evidence that insured firms are more likely to pay out ransoms—and it’s not up to the insurer to make that decision. In fact, victims with good cyber insurance may be less likely to pay ransoms, because insurers provide technical and legal experts to help identify the best method of recovery. And because firms must often prove their security bona fides as a precondition of insurance, a hardening cyber insurance market is slowly raising the bar for cybersecurity across industries. 

Simple Solutions

While making ransomware payments fully illegal sounds great in theory, like most simple solutions it falls apart in practice. It places an outsized amount of blame on the victim and does nothing to protect victims of future attacks. Insurance can put the economic incentives in place to encourage, if not compel, better security practices while providing a safety net in times of need. 

While there are cases where options like secondary data restoration are viable, some ransoms do ultimately need to be paid. Ransomware actors are experts at applying pressure on their victims, including by threatening to release stolen confidential data to the public. Often, the victim doesn’t have the resources to make this judgment call—the victim needs practiced experts to help it through the process and the economic and technological resources to handle the fallout. In other words, the victim needs insurance.

Mitigating Risk—for Everyone

On the micro level, responsible cyber insurance can both insure and secure, transferring and mitigating risk through incentives that keep insureds up to date on an ever-changing threat landscape. 

For enterprise clients, there may be effective in-house cyber security but challenges in budget justification. For SMEs, the resources an insurer can provide are invaluable. For victims of a ransomware attack, those resources can include forensic services, incident response, legal expertise, repairs and recovery cost. Insurance would also cover business interruption loss and other losses that could otherwise be financially devastating. It may also include the ransom payment, but not always.

On a bigger scale, cyber insurers can collect and share data on all cyber events—continuing to insure against ransomware and collectively pool and spread this risk. As we’ve all seen with catastrophic ransomware events in the past year, such as the Colonial Pipeline fuel shutdown, such events can have massive ripple effects. 


Ransomware is not going away on its own, just as the hostage takers in the 1970s were not going to give up on a lucrative criminal opportunity until it became less desirable. It’s up to the cyber insurance industry to give us the key to a decrypted future.